Land #2523, WDS use read_response

This is more robust at correctly receiving the entire DCERPC response.

[Closes #2511]
bug/bundler_fix
Meatballs 2013-10-14 23:54:56 +01:00
commit 63e850505e
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 5 additions and 3 deletions


@ -164,11 +164,13 @@ class Metasploit3 < Msf::Auxiliary
wdsc_packet = packet.create wdsc_packet = packet.create
vprint_status("Sending #{architecture[0]} Client Unattend request ...") vprint_status("Sending #{architecture[0]} Client Unattend request ...")
response = dcerpc.call(0, wdsc_packet) dcerpc.call(0, wdsc_packet, false)
timeout = datastore['DCERPC::ReadTimeout']
response = Rex::Proto::DCERPC::Client.read_response(self.dcerpc.socket, timeout)
if (dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil) if (response and response.stub_data)
vprint_status('Received response ...') vprint_status('Received response ...')
data = dcerpc.last_response.stub_data data = response.stub_data
# Check WDSC_Operation_Header OpCode-ErrorCode is success 0x000000 # Check WDSC_Operation_Header OpCode-ErrorCode is success 0x000000
op_error_code = data.unpack('v*')[19] op_error_code = data.unpack('v*')[19]